First, I've missed everyone. Last week I was at SANS2010, doing the work study for SEC505, Securing Windows, then I've also been dealing with some family issues.

Anyway, I finally signed up for my GCIA (GIAC Certified Intrusion Analyst) attempt next Wednesday at 12pm. I took the SEC503 in December, re-read the courseware, created a detailed index, read Network Intrusion Detection by Northcutt and Novak and added it to my index. I've primped and pruned my index within an inch of its life... any last minute recommendations from the peanut gallery?

Thank you for all your well wishes. I am going to be doing a dry run of my index with a practice test this weekend. Then I may have my second GCIA practice test up for grabs if nobody in my department wants it.

If you have the fundamentals of packet reading, analysis and how they operate, you should do fine.

My advice is to have the SANS TCP/IP for 4 & 6 cheat sheets blown up to A3 size for reference. If you have any other great cheat sheets for Snort or tools, print them out and have them handy.

Good luck on the exam and don't be afraid to use the question skips on the questions that aren't obvious or you know you have to dig through the books for. Taking a break around the 75th question is a good way to avoid getting click happy ;-).

Hey, it seems you and I were certifying at or around the same time! I took my GSEC exam March 19 starting at 9am Central.

I know it's a bit late, but here's my general approach to GIAC certs:

1 Listen/stay engaged during the class - this can be the toughest part as these classes seem to drag on forever after the second or third day!

2 read ahead - this doesn't work as well during the live events, but if you're taking onDemand or vLive, make sure you've read the material before class!

3 take a break - I don't even start re-reading the material until 3 or so weeks after the class is over. This gives me a chance to digest what I've learned during class and to refresh my brain.

4 re-read word for word - around the time my practice tests hit my portal account I start re-reading all the books word for word.

5 take a practice test - I do my first practice test without the help of any of the books or an index.

6 index the books - After I have my baseline of where I stand with the material, I start indexing. I try to find something on every page, but I don't really stick to that rule hard and fast. I make sure I have key concepts, proper names, tools, etc. indexed. Basically I try to get in the head of the test writers and think of what they might ask me. (I average about 1200-1400 entries in my indexes.)

7 take the second practice test - Two days before the exam date I take my second practice test with my index. This gives me a very good idea of what I will score on the final test.

8 rest the day before

9 take the test

I've taken three GIAC tests so far and scored above a 90% on each, so this works well for me. Everyone, though, has different ways of learning that work best for them.

As far as tricks for taking the test... Basically, I just take the test from start to finish without skipping any questions. I find that if you have a very detailed index, you shouldn't have any problems looking up any of the questions. I do, however, take my break at or around the 100th question mark. That way, if I do have to go to the bathroom or something urgent like that during the second part of the test, I am fairly close to the end of the exam.

Ok, I passed my GCIA yesterday with an hour to go. My final score was 85%. I was less about my score than with my GCIH (94%). I just wanted to pass, then I was able to take it easy. The test got a lot easier once I passed. This was much harder than the GCIH. A lot of packet reading. I made easy mistakes when counting the hex and converting. I made the mistake of not taking a break; I was more concerned about just finishing the test and getting out of there because of personal issues.

It was a good experience. Now I can move on to my GCWN. I am going to offer the practice test to my group; if I do not get an immediate response, my next stop will be here. itg33k has first dibs, but I think I may have a simple little quiz to answer to make it fair.

When it comes to the exam, Jason's 505 is a tricky beast, due to the massive amount of information that's crammed into the course.

Take a break from the books for a while, then start indexing like mad. I made the mistake of thinking this would be easy for an experienced Windows admin. Got tripped up on a couple of questions, back to back, and then took the whole thing a lot more seriously.

Learned from that a good index is very helpful when scrambling for an obscure answer :-)